emails: hardcode nondisposable email list.

Hardcode the list of nondisposable email providers instead of making it a config option. Also add a few new providers. This was previously a config option to keep it secret, but there's not much need for secrecy here. A Restricted user's email must be on this list to unrestrict their account. If a user is Restricted and their email is not in this list, then it's assumed to be disposable and can't be used to unrestrict their account even if they verify their email address.
2021-09-05 18:21:35 -05:00
parent 19f01d4554
commit 28edd5a22a
4 changed files with 74 additions and 21 deletions
--- a/app/logical/email_validator.rb
+++ b/app/logical/email_validator.rb
@@ -134,6 +134,78 @@ module EmailValidator
    "hanmail.net" => "daum.net",
  }

+  # A list of domains known not to be disposable. A user's email must be on
+  # this list to unrestrict their account. If a user is Restricted and their
+  # email is not in this list, then it's assumed to be disposable and can't be
+  # used to unrestrict their account even if they verify their email address.
+  #
+  # https://www.mailboxvalidator.com/domain
+  NONDISPOSABLE_DOMAINS = %w[
+    gmail.com
+    outlook.com
+    yahoo.com
+    aol.com
+    comcast.net
+    att.net
+    bellsouth.net
+    cox.net
+    sbcglobal.net
+    verizon.net
+    icloud.com
+    rocketmail.com
+    windowslive.com
+    qq.com
+    vip.qq.com
+    sina.com
+    naver.com
+    163.com
+    daum.net
+    mail.goo.ne.jp
+    nate.com
+    mail.com
+    protonmail.com
+    gmx.net
+    web.de
+    freenet.de
+    o2.pl
+    op.pl
+    wp.pl
+    interia.pl
+    mail.ru
+    yandex.ru
+    rambler.ru
+    abv.bg
+    seznam.cz
+    libero.it
+    laposte.net
+    free.fr
+    orange.fr
+    citromail.hu
+    ukr.net
+    t-online.de
+    inbox.lv
+    luukku.com
+    lycos.com
+    tlen.pl
+    infoseek.jp
+    excite.co.jp
+    mac.com
+    wanadoo.fr
+    ezweb.ne.jp
+    arcor.de
+    docomo.ne.jp
+    earthlink.net
+    charter.net
+    hushmail.com
+    inbox.com
+    juno.com
+    shaw.ca
+    walla.com
+    tutanota.com
+    foxmail.com
+    vivaldi.net
+  ]
+
  # Returns true if it's okay to connect to port 25. Disabled outside of
  # production because many home ISPs blackhole port 25.
  def smtp_enabled?
@@ -168,10 +240,8 @@ module EmailValidator
  # @param [String] the email address
  # @return [Boolean]
  def is_restricted?(address)
-    return false if Danbooru.config.email_domain_verification_list.blank?
-
    domain = Mail::Address.new(address).domain
-    !domain.in?(Danbooru.config.email_domain_verification_list.to_a)
+    !domain.in?(NONDISPOSABLE_DOMAINS)
  rescue Mail::Field::IncompleteParseError
    true
  end
--- a/app/models/email_address.rb
+++ b/app/models/email_address.rb
@@ -32,7 +32,7 @@ class EmailAddress < ApplicationRecord
  end

  def self.restricted(restricted = true)
-    domains = Danbooru.config.email_domain_verification_list
+    domains = EmailValidator::NONDISPOSABLE_DOMAINS
    domain_regex = domains.map { |domain| Regexp.escape(domain) }.join("|")

    if restricted.to_s.truthy?